IT6701-Information Management Unit 2

IT6701
Information Management
IV Year / VII Semester

UNIT II DATA SECURITY AND
PRIVACY
• Program Security, Malicious code and controls
against threats; OS level protection; Security –
Firewalls, Network Security Intrusion
detection systems. Data Privacy principles.
Data Privacy Laws and compliance.

Introduction
• to devise ways to prevent the weaknesses from being
exploited.
• Aspects:
– Confidentiality - accessed only by authorized parties.
(privacy)
– Integrity - assets can be modified only by authorized parties
or only in authorized ways.
– Availability - accessible to authorized parties at appropriate
times

Introduction
• Security related terms:
– Computer Security : collection of tools designed to
protect data.
– Network Security: to protect data during
transmission
– Internet Security: to protect data during
transmission over a collection of inter-connected
networks.
– Data Security: preventing data from theft.

Program Security
• How do we keep programs free from flaws?
• How do we protect computing resources
against programs that contain flaws?
larger issue in program security - Trust

Program Security
security implies some degree of trust that the
program enforces expected confidentiality,
integrity, and availability.
to assess security - to ask people to name the
characteristics of software that contribute to
its overall security.

Program Security
 Fixing Faults:
 Bug: a mistake in interpreting a requirement, a
syntax error in a piece of code, or the (as-yet-
unknown) cause of a system crash.
 Error: When a human makes a mistake.
the error may lead to a fault, or an incorrect step,
command, process, or data definition in a
computer program.

Program Security
 Fixing Faults:
 Failure: a departure from the system's required
behavior.
a fault is an inside view of the system, as seen by
the eyes of the developers, whereas a failure is an
outside view: a problem that the user sees.

Program Security
 Fixing Faults:
 Penetrate and Patch:
searched for and repaired faults.
 the patch efforts were largely useless, making the
system less secure rather than more secure because
they frequently introduced new faults.

Program Security
 Fixing Faults:
 Reasons:
The pressure to repair a specific problem encouraged a
narrow focus on the fault itself and not on its context.
The fault often had nonobvious side effects in places
other than the immediate area of the fault.
Fixing one problem often caused a failure somewhere
else.
The fault could not be fixed properly because system
functionality or performance would suffer as a
consequence.

Program Security
 Unexpected Behavior:
 programs to see whether they behave as their
designers intended or users expected – Program
security flaws.
A flaw can be either a fault or failure, and a
vulnerability usually describes a class of flaws,
such as a buffer overflow.

Program Security
 Unexpected Behavior:
 Program security flaws can derive from any kind
of software fault.
 a misunderstanding of program requirements to a
one-character error in coding or even typing

Program Security
 Types of flaws:
 Intentional flaws (harmful)
 Malicious flaws
 Non- Malicious flaws (not very serious)

Program Security
 Types of flaws:
 Inadvertent flaws:
validation error (incomplete or inconsistent): permission
checks
domain error: controlled access to data
serialization and aliasing: program flow order
inadequate identification and authentication: basis for
authorization
boundary condition violation: failure on first or last case
other exploitable logic errors

Program Security
 Types of flaws: Non- Malicious flaws (not
very serious)
 Buffer Overflows:
 A buffer (or array or string) is a space in which data can
be held.
 Example: char sample[10];

Program Security
 Buffer Overflows:
First two only effect the
user.
Malicious programmer
focuses
on accessing the second two
.

Program Security
very serious)
 Buffer Overflows: Security Implication
 the attacker may replace code in the system space.
the attacker may make use of the stack pointer or the
return register

Program Security
very serious)
 Incomplete Mediation:
http://www.somesite.com/subpage/userinput.asp?parm1
=(808)555-1212 &parm2=2009Jan17.
 to prevent the use of nonsense data, the program can
restrict choices only to valid ones.
 The sensitive data (namely, the parameter values) are in
an exposed, uncontrolled condition.

Program Security
very serious)
 Incomplete Mediation: Security Implications
 unchecked data values represent a serious potential
vulnerability.

Program Security
 Types of flaws: Non- Malicious flaws
 Things, Inc., was a very large, international vendor of
consumer products, called Objects. The company was
ready to sell its Objects through a web site, using what
appeared to be a standard e-commerce application. The
management at Things decided to let some of its in-
house developers produce the web site so that its
customers could order Objects directly from the web.

Program Security
http://www.things.com/order.asp?custID=101&part=55
5A&qy=20&price=10&ship=boat&shipcost=5&total=2
05

Program Security
very serious)
 Time-of-Check to Time-of-Use Errors :
 involves synchronization.
 To improve efficiency, modern processors and
operating systems usually change the order in which
instructions and procedures are executed.

Program Security
very serious)
 Access Control – only those who should access an
object are allowed that access. Ex: Sculpture
between the time the access was checked and the
time the result of the check was used, a change
occurred, invalidating the result of the check.

Program Security
 Security Implications:
to ensure that critical parameters are not exposed during any
loss of control.
 to ensure serial integrity - to allow no interruption (loss of
control) during the validation.

Program Security
 Types of flaws:
Malicious flaws
 The programs operate on data, taking action only
when data and state changes trigger it.
 behaves in unexpected ways.
 Ex: Installing a new software
 writing a message on a computer screen, stopping
a running program, generating a sound, or erasing
a stored file.

Program Security
 Malicious Code - Types
 undesired effects in programs.
A virus:
 a program that can replicate itself and pass on
malicious code to other nonmalicious programs by
modifying them.

Program Security
 Malicious Code – Types
Virus:
 Transient virus: depends on the life of its host
 Resident virus: locates itself in memory
 Document virus: embedded in a formatted
document.
Boot sector virus: reading a fixed number of bytes
from a fixed location on the disk

Program Security
Virus:
 Macro virus: a user to execute a serious of
commands and repeat them with just invoking a
single macro feature.
 Polymorphic virus: virus can keep changing its
form.

Program Security
 Trojan Horse:
 has a non obvious malicious effect.
 logic bomb:
 goes off when a specified condition occurs.
 Trapdoor or backdoor:
 a program by which someone can access the
program other than by the obvious, direct call,
perhaps with special privileges.

Program Security
 Worm:
 a program that spreads copies of itself through a
network.
 Rabbit:
 self-replicates without bound, with the intention of
exhausting some computing resource

Program Security
 Virus Signatures:
 Code must be stored somewhere, and the code
must be in memory to execute.
the virus executes in a particular way, using certain
methods to spread.
 Virus scanner:
Detect and delete the virus

Program Security
 Malicious Code”
 Prevention of virus Infection:
Use only commercial software acquired from
reliable, well-established vendors.
 Test all new software on an isolated computer
 Open attachments only when you know them to
be safe
 Make a recoverable system image and store it
safely.
 Make and retain backup copies of executable
system files.
Use virus detectors (often called virus scanners)
regularly and update them daily.

Program Security
Targeted Malicious Code:
 malicious code is written for a particular system,
for a particular application, and for a particular
purpose.
 Trapdoors:
 an undocumented entry point to a module.
 computing systems are complex structures,
programmers usually develop and test
systems in a methodical, organized, modular manner.
 unit testing, integration testing.
 Poor error checking.

Program Security
 Trapdoors – Causes:
 trapdoors can persist in production programs
because the developers.
forget to remove them
 intentionally leave them in the program for testing
 intentionally leave them in the program for
maintenance of the finished program,

Program Security
 Salami Attack
 merges bits of seemingly inconsequential data to yield
powerful results
 Ex: the small amounts are shaved from each
computation and accumulated elsewhere such as in the
programmer's bank account

Program Security
 Privilege Escalation:
 Programs run in a context: Their access rights and
privileges are controlled by that context.
 malicious code to be launched by a user with lower
privileges but run with higher privileges.
Interface Illusions:
 spoofing attack in which all or part of a web page is
false.
 The object of the attacker is to convince the user to do
something inappropriate.

Program Security
 Man-in-the-Middle Attacks :
 a malicious program interjects itself between two other
programs, typically between a user's input and an
application's result.
Timing Attacks :
 the time it takes a computer to perform a task depends
on the size of the task.

Covert Channels
 extraordinary paths of communication is
covert channels.
 programs that communicate information to
people who should not receive it.
The communication travels unnoticed,
accompanying other, perfectly proper,
communications.
 communications are hidden in an open
channel

Covert Channels
 Creating covert channels:
 producing a specific output report or displaying
desired values.
 Encoding the data values in another report by
varying the format of the output.
 Omitting the printing of certain values
 printing certain specific values
 Changing the number of lines per page.

Covert Channels
 Storage Channels:
 pass information by using the presence or absence
of objects in storage.
 Ex: file lock channel.
 In multiuser systems, files can be "locked" to
prevent two people from writing to the same file at
the same time.

Covert Channels
Timing Channels:
pass information by using the speed at which
things happen. Actually, timing channels are
shared resource channels in which the shared
resource is time.
 analyzing the resources of a system,
 the other works at the source code level.

Covert Channels
Shared Resource Matrix:
finding all shared resources and determining
which processes can write to and read from the
resources.
 a matrix of resources (rows) and processes
that can access them (columns)
 The matrix entries are R for "can read (or
observe) the resource" and M for "can set (or
modify, create, delete) the resource.

Covert Channels
 Information Flow Method:
 analysis can be automated within a compiler so that
information flow potentials can be detected while a
program is under development.
 Explicit flow: the statement B:=A, which assigns the
value of A to the variable B, obviously supports an
information flow from A to B.
 Implicit flow: The conditional statement IF D=1
THEN B:=A has two flows: from A to B because of
the assignment, but also from D to B, because the
value of B can change if and only if the value of D is
1.

Controls Against Program Threats
controls during software development the
specifying, designing, writing, and testing of
the program to find and eliminate the sorts of
exposures.
 Types of controls:
 Developmental Controls
 operating system
 administrative

 Developmental Controls:
 The Nature of Software Development:
 specify the system
 design the system
 implement the system
 test the system
 review the system
 document the system
 manage the system
 maintain the system

 Modularity, Encapsulation, and Information
Hiding:
 Modules: to create a design or code in small, self-
contained units
 If a component is isolated from the effects of other
components, then it is easier to trace a problem to the
fault that caused it and to limit the damage the fault
causes.

 Modularity:
the process of dividing a task into subtasks, Each
component performs a separate, independent part of the
task.
 Conditions:
 single-purpose
 small
 simple
 independent

 Modularity:
 Advantage:
 Maintenance
 Understandability
 Reuse
 Correctness
 Testing.

 Modularity:
 High Cohesion and lo coupling
 Coupling: the degree with which a component depends
on other components in the system.
 low or loose coupling is better than high or tight
coupling

 Encapsulation:
 hides a component's implementation details, but it does
not necessarily mean complete isolation
 "technique for packaging the information [inside a
component] in such a way as to hide what should be
hidden and make visible what is intended to be visible."

 Information Hiding:
 a component as a kind of black box, with certain well-
defined inputs and outputs and a well-defined function.
 Other components' designers do not need to know how
the module completes its function.
 desirable because developers cannot easily and
maliciously alter the components of others if they do not
know how the components work.

 Review
 Walk-through
 Inspection
A wise engineer who finds a fault can deal
with it in at least three ways:
1. by learning how, when, and why errors occur
2. by taking action to prevent mistakes
3. by scrutinizing products to find the instances and
effects of errors that were missed

 Testing:
 a process activity that homes in on product quality
 Unit testing
 Integration testing
 System testing
 function test
 performance test
 acceptance test
 regression testing
 Perspective: Black-box testing and white-box testing

 Good Design:
 using a philosophy of fault tolerance
having a consistent policy for handling failures
capturing the design rationale and history
using design patterns
 Designers should try to anticipate faults and
handle them in ways that minimize disruption and
maximize safety and security

 Good Design:
 failures include
failing to provide a service
providing the wrong service or data
corrupting data
 Handling Problem:
 Retrying
 Correcting
 Reporting
 Configuration Management

 Standards of Program Development
 standards of design, including using specified design
tools, languages, or methodologies, using design
diversity, and devising strategies for error handling and
fault tolerance
 standards of documentation, language, and coding
style, including layout of code on the page, choices of
names of variables, and use of recognized program
structures

 Standards of Program Development
 standards of programming, including mandatory peer
reviews, periodic code audits for correctness, and
compliance with standards
 standards of testing, such as using program verification
techniques, archiving test results for future reference,
using independent testers, evaluating test thoroughness,
and encouraging test diversity

Protection in General-Purpose
Operating Systems
 Operating system functions can be categorized
as,
 access control
identity and credential management
information flow
audit and integrity protection

Operating Systems
 History:
 No system s/w - User entered pgms in binary
Executives - Assist single user with preparation and
cleanup. Entirely passive:
Waited for user’s request
Provided service on demand
 Monitors-Assisted multiple users in
multiprogramming systems. Protect one user from
interference (malicious or acceidental or malicious) by
another

Operating Systems
Multiprogramming - Protected Objects:
 memory
sharable I/O devices, such as disks
serially reusable I/O devices, such as printers and
tape drives
sharable programs and subprocedures
 networks
sharable data

Operating Systems
 Security Methods of Operating Systems:
 Separation: keeping one user's objects separate from other
users.
 physical separation - different processes use different physical
objects, such as separate printers for output requiring different
levels of security
 temporal separation - different security requirements are executed
at different times
 logical separation - cannot access objects outside its permitted
domain
 cryptographic separation - conceal their data and computations

Operating Systems
 Level of Security in OS:
 Do not protect: Operating systems with no
protection.
 Isolate: different processes running concurrently
are unaware of the presence of each other.
 Share all or share nothing: the owner of an object
declares it to be public or private.
 Share via access limitation: checks the
allowability of each user's potential access to an
object

Operating Systems
 Level of Security in OS:
 Share by capabilities: dynamic creation of sharing
rights for objects.
 Limit use of an object: limits not just the access to
an object but the use made of that object after it
has been accessed.

Operating Systems
Memory and Address Protection:
 protection can be built into the hardware
mechanisms that control efficient use of memory,
so solid protection can be provided at essentially
no additional cost.

Operating Systems
 Fence:
 single-user operating systems to prevent a faulty
user program from destroying part of the resident
portion of the operating system.
 a method to confine users to one side of a
boundary

Operating Systems
 Fence:
 predefined memory address n between OS and
user
 predefined amount of space was always reserved
for the operating system, whether it was needed or
not

Operating Systems
 Fence:
 Fence Register: the address of the end of the
operating system.
 the location of the fence could be changed

Operating Systems
 Relocation:
 the process of taking a program written as if it
began at address 0.
 the relocation factor - the starting address of the
memory assigned for the program.
 The fence register can be a hardware relocation
device.
 both relocates the address and guarantees that no
one can access a location lower than the fence
address

Operating Systems
 Base/Bounds Registers:
 A variable fence register – base register.
 provide a lower bound (a starting address) but not
an upper one.
 bounds register, is an upper address limit
 Each pgm address forced to be above base address
Each pgm address checked to be below bounds
address

Operating Systems
 Tagged Architecture:
 Problem with base/bounds registers
 high granularity of access rights
 Can allow another module to access all or none of
its data
 Tagged Architecture: every word of machine
memory has one or more extra bits to identify the
access rights to that word

Operating Systems
 Tagged Architecture:
 Access bits set by OS
 Tested every time instruction accesses its location
Tag Word
R 0001
RW 0137
R 4091
R 0002
X

Operating Systems
 Segmentation:
 dividing a program into separate piece
 Each segment has a unique name.
 <name, offset>
 name is the name of the segment
 offset is its location within the segment

Control of Access to General Objects
 Access Control:
 providing security in an OS.
 can grant or revoke access for certain resources like
file, program and data.
 Goals:
 Check every access - to revoke a user's privilege to
access an object.
 Enforce least privilege - a subject should have access
to the smallest number of objects necessary to perform
some task.
 Verify acceptable usage - to check that the activity to
be performed on an object is appropriate.

 Access Control – Implementation:
 Directory:
 simple way of protection.
 Every file has a unique owner who possesses
"control" access rights and to revoke access to any
person at any time.
 Each user has a file directory, which lists all the files
to which that user has access.
 the operating system must maintain all file directories
 rights to files are the common read, write, and execute
familiar on many shared systems

 Directory:
 user to grant and revoke access rights
 Advantages:
 easy to implement because it uses one list per user,
naming all the objects that user is allowed to access
 Disadvantages:
 the list becomes too large if many shared objects.
 revocation of access is difficult
 involves pseudonyms leads to multiple permission
that are not necessarily consistent.

 Directory:

 Access Control List:
 one such list for each object, and the list shows all
subjects who should have access to the object and
what their access is.
 Protection classes:
 user - a specific subject,
 group - who had a common interest
 compartment - an untrusted object

 Access Control List:

 Access Control Matrix:
 a table in which each row
represents a subject, each column represents an
object, and each entry is the set of access rights for
that subject to that object.
 represented as a list of triples, <subject, object,
rights>

 Access Control Matrix:
BIBLIO
G
TEMP F HELP.T
XT
C_COM
P
LINKER SYS_CL
OCK
PRINTE
R
USER A ORW ORW ORW R X X R W
USER B R - - R X X R W
USER S RW - R R X X R W
USER T - - - R X X R W
SYS_MG
R
- - - RW OX OX ORW O
USER_S
VCS
- - - O X X R W

 Capability:
 an unforgeable token that gives the possessor
certain rights to an object.
 users can create objects, such as files, data
segments, or subprocesses, and can also specify
the acceptable kinds of operations, such as read,
write, and execute.
 capabilities can be encrypted under a key
available only to the access control mechanism.

 Capability:
 One possible access right to an object is transfer
or propagate.
 Domain: the collection of objects to which the
process has access

 File Protection Mechanisms:
 Basic Forms of Protection:
 AllNone Protection:
trust combined with ignorance.
 Unacceptable for many reasons: Lack of trust, Too
coarse, Rise of sharing
 Group Protection
 identifying groups of users who had some common
relationship.
 Windows: Administrators, Power Users, Users, and
Guests.
 Unix: the user, group and other users

 File Protection Mechanisms:
 Individual Permissions:
 Persistent Permission:
 uses a name, a token or a secret.
 User access permissions can be required for any access
or only for modifications (write access)
 Temporary Acquired Permission
 The Unix designers added a permission called set
userid (suid).
 Per-Object and Per-User Protection
 The access control lists or access control matrices
described earlier provide very flexible protection

 User Authentication
 An operating system bases much of its protection
on knowing who a user of the system is.
 Authentication Mechanism:
 Something the user knows: Passwords, PIN
numbers
 Something the user has: Token and cards
 Something the user is: biometrics, are based on a
physical characteristic of the user, such as a
fingerprint, the pattern of a person's voice, or a
face (picture)

 Passwords as Authenticators:
 Passwords are mutually agreed-upon code words,
assumed to be known only to the user and the system.
 difficulties of use:
 Loss: no one will be able to replace a lost or forgotten
password
 Use: each access to a file can be inconvenient and time
consuming.
 Disclosure: If a password is disclosed to an unauthorized
individual, the file becomes immediately accessible.
 Revocation: To revoke one user's access right to a file,
someone must change the password

 Additional Authentication Information:
 Multifactor authentication:
 two-factor authentication
 Attacks on Passwords:
 Passwords are somewhat limited as protection devices
because of the relatively small number of bits of
information they contain

 Password guessing steps:
 no password
the same as the user ID is, or is derived from, the user's name
common word list (for example, "password," "secret," "private")
plus common names and patterns (for example, "asdfg," "aaaaaa")
short college dictionary
complete English word list
common non-English language dictionaries
short college dictionary with capitalizations (PaSsWorD) and
substitutions (0 for O, and so forth)

 Password Selection Criteria:
 Use characters other than just AZ
 Choose long passwords.
 Avoid actual names or words.
 Choose an unlikely password
 Change the password regularly.
 Don't write it down.
 Don't tell anyone else.

 One-Time Passwords:
 changes every time it is used.
 the system assigns a static mathematical function.
 The system provides an argument to the function, and
the user computes and returns the function value -
challengeresponse systems

 One-Time Passwords – functions:
 f(x) = x + 1
 f(x) = r(x)
 f(E(x)) = E(D(E(x)) + 1).

 The Authentication Process:
 users occasionally mistype their passwords.
 A user who receives a message of INCORRECT LOGIN
will carefully retype the login and gain access to the system.
 A legitimate user will not complain if the login process takes
5 or 10 seconds.
 Systems commonly disconnect a user after a small number
of failed logins, forcing the user to reestablish a connection
with the system.

 Fixing Flaws in the Authentication Process :
 Some people give out their passwords for the asking.
Other passwords have been obtained just by someone
watching a user typing in the password.
 Second level of protection - another round of
passwords or a challengeresponse interchange.

 Biometrics: Authentication Not Using Passwords:
 based on some physical characteristic of the human
body.
 to recognize the following biometrics: fingerprints,
hand geometry (shape and size of fingers), retina and
iris (parts of the eye), voice, handwriting, blood vessels
in the finger, and face.

 Biometrics: Authentication Not Using Passwords:
 Identification versus Authentication.
Biometrics are very reliable for authentication but much less
reliable for authentication.

 All biometric readers operate in two phases:
 First, a user registers with the reader, during which
time a characteristic of the user (for example, the
geometry of the hand) is captured and reduced to a
template or pattern.
 Second, the user later seeks authentication from the
system, during which time the system remeasures the
hand and compares the new measurements with the
stored template.

 Problems with Biometrics
 Biometrics are relatively new, and some people find
their use intrusive.
 Biometric recognition devices are costly
 Variation reduces accuracy
 Biometrics can become a single point of failure.

Firewalls
 a device that filters all traffic between a
protected or "inside" network and a less
trustworthy or "outside" network.
 runs on a dedicated device
 executable code, an attacker could
compromise that code and execute from the
firewall's device.

Firewalls
 Purpose:
 to keep "bad" things outside a protected
environment.
 the challenge of protecting a network with a
firewall is determining which security policy meets
the needs of the installation.
 ensuring the validity of inside addresses.
 A packet filter sits between the inside network and
the outside net, so it can know if a packet from the
outside is forging an inside address.

Firewalls
 Design:
 a reference monitor must be
 always invoked
tamperproof
small and simple enough for rigorous analysis

Firewalls
 Types of Firewalls:
 Packet filtering gateways or screening routers
 Stateful inspection firewalls
 Application proxies
 Guards
Personal firewalls

Firewalls
 Types of Firewalls - Packet Filtering Gateway
 controls access to packets on the basis of packet
address (source or destination) or specific transport
protocol type (such as HTTP web traffic).
 Packet filter rule has two parts:
 Selection criteria
 Action field

Firewalls
 Types of Firewalls - Stateful Inspection Firewall
 maintains state information from one packet to another in
the input stream.
 to break an attack into multiple packets by forcing some
packets to have very short lengths so that a firewall cannot
detect the signature of an attack split across two or more
packets.
 track the sequence of packets and conditions from one
packet to another.

Firewalls
 Types of Firewalls - Application Proxy
 simulates the (proper) effects of an application so
that the application receives only requests to act
properly.
 A proxy gateway is a two-headed device: It looks
to the inside as if it is the outside (destination)
connection, while to the outside it responds just as
the insider would.

Firewalls
 Types of Firewalls – Guard
 decides what services to perform on the user's
behalf in accordance with its available knowledge,
such as whatever it can reliably know of the
(outside) user's identity, previous interactions, and
so forth.
 is limited only by what is computable.

Firewalls
 Types of Firewalls – Personal Firewalls
 protect a (sub)network of multiple hosts.
 an application program that runs on a workstation
to block unwanted traffic, usually from the
network.
 screens traffic on a single workstation.
 Combining a virus scanner with a personal
firewall is both effective and efficient.
 provide reasonable protection to clients.

Firewalls
 Types of Firewalls – Comparison
Packet
Filtering
Stateful
Inspection
Application
Proxy
Guard Personal
Firewall
Simplest More complex Even more
complex
Most complex Similar to packet
filtering firewall
Sees only
addresses and
service protocol
Type
Can see either
addresses or data
Sees full data
portion of
Packet
Sees full text of
Communication
Can see full data
portion of packet
Auditing difficult Auditing
possible
Can audit
Activity
Can audit
activity
usually
Does audit
activity

Firewalls
 Types of Firewalls – Comparison
Packet
Filtering
Stateful
Inspection
Application
Proxy
Guard Personal
Firewall
Screens based
on connection
Rules
Screens based on
information
across packets in
either header or
data field
Screens based
on behavior of
Proxies
Screens based on
interpretation of
message content
Typically,
screens based
on information in
a single packet,
using header or
data
Complex
addressing rules
can make
configuration
Tricky
Usually
preconfigured to
detect certain
attack signatures
Simple proxies
can substitute
for complex
addressing
Rules
Complex guard
functionality can
limit assurance
Usually starts in
"deny all
inbound" mode,
to which user
adds trusted
addresses as
they appear

Network Security
 Introduction to Network:
 A connection between hosts and routers to
facilitate exchange of information.
 Types:
 Circuit switched network: a dedicated circuit
established to exchange data.
 Packet switched network: the data between the
hosts and the routers is transferred as chunks.

Network Security
 Different layers in protocol stack:
Layer Purpose / work Done Protocols
Application
Responsible for handling the data sent
between applications between two hosts on a
network
HTTP, SMTP,FTP
Transport
Responsible for managing the end to end
logical connection
TCP and UDP
Network Routing data through a network Internet protocol
Link Layer
Transfers data over individual links on a
network
Ethernet
Physical
Sends binary data over the communication
media
-

Network Security
 Physical Layer:
 Possible attacks on the physical layer are as
follows:
 Cable cuts
 Wireless link jamming
 Application of high voltages to copper cables.

Network Security
Data Link Layer:
 consists of Ethernet, WLAN.
 MAC addresses - 48 bits
 24 bits represents the manufacturer
 another 24 bits represents the interface produced by the
manufacturer.

Network Security
Data Link Layer:
 CAM table overflow:
 Content Addressable Memory.
 responsible for maintaining a mapping between the
physical ports of a switch to the MAC address of the
hosts connected to it.
 limited in size.
 attack: fill table with fake/invalid MAC addresses.

Network Security
Data Link Layer:
 MAC address spoofing:
 all the traffic intended to flow to the victim will be
redirected to the host.
 DHCPAttacks:
 DHCP starvation attacks
 Fake DHCP server
 ARP Attack:
 to find the MAC addresses if the IP addresses are known.

Network Security
Network Layer:
 Packet sniffing
 IP Spoofing
 Fragmentation attack – overlap packets
 ICMP attack

Network Security
Transport Layer:
 TCP land attack
 UDP flooding attack
 TCP SYN attack

Intrusion Detection Systems
 a device, typically another separate computer,
that monitors activity to identify malicious or
suspicious events.
 receives raw inputs from sensors.
 It saves those inputs, analyzes them, and takes
some controlling action.

 Functions:
 monitoring users and system activity
 auditing system configuration for vulnerabilities and
misconfigurations
 assessing the integrity of critical system and data files.
 recognizing known attack patterns in system activity
 identifying abnormal activity through statistical analysis
 managing audit trails and highlighting user violation of policy or
normal activity
 correcting system configuration errors
 installing and operating traps to record information about
intruders

 Goals:
 Filter on packet state
 Filter on packet content
 Maintain connection state
 Use minimum number of signatures that can target
maximum number of threats
 Filter the packets in real-time
 Conseal itself from being discovered by the
attacker.

 Types:
 Signature-based intrusion detection systems:
 simple pattern-matching
 match a pattern corresponding to a known attack type.
 a series of TCP SYN packets sent to many different
ports in succession and at times close to one another

 Types:
 Signature-based intrusion detection systems:
 Problem:
 An attacker will try to modify a basic attack in such a way that
it will not match the known signature of that attack.
 the attacker may convert lowercase to uppercase letters or
convert a symbol such as "blank space" to its character code
equivalent %20.
 Statistical analysis:
 to obtain sample measurements of key indicators

 Types:
 Heuristic Intrusion Detection:
 behavior that is out of the ordinary.
 The inference engine of an intrusion detection system
performs continuous analysis of the system, raising an
alert when the system's dirtiness exceeds a threshold

 Types:
 Inference engines work in two ways:
 State based:
the system going through changes of overall state or
configuration.
 Others try to map current activity onto a model of
unacceptable activity and raise an alarm when the
activity resembles the model.

 Types:
 Inference engines work in two ways:
 Model based:
 to build a dynamic model of behavior.
 to accommodate variation and evolution in a person's
actions over time.
 compares real activity with a known representation of
normality.

 Types - where it is placed?
 network based IDSs:
 detects system attacks by capturing and analyzing
packets on a network switch.
 matching multiple packets against a database of
attack patterns or against a model of malicious
activity.

 Types - where it is placed?
 Host based IDSs:
 IDSs are installed at every computer in the
network and operate on information collected from
them.
Contains OS logs, audit and files.

 Stealth Mode:
 the attacker should not be able to detect the IDS.
 Interface:
 to monitor the interface.
 Sensitivity is a criterion that defines how malicious an
event is considered by the IDS.

 Goals:
 Responding to Alarms:
 Monitor, collect data, perhaps increase amount of data collected
 Protect, act to reduce exposure
 Call a human
 False Results:
 False positives means the administrator will be less confident of
the IDS's warnings, perhaps leading to a real alarm's being ignored.
 false negatives mean that real attacks are passing the IDS without
action.

 Strength:
 cheaper and easier to administer
 Limitations:
 Sensitivity
 An IDS does not run itself; someone has to
monitor its track record and respond to its alarms.

Data Privacy Principles
 the prevention of the data mining and the
unauthorized use of personal information,
which are illegal in many parts of the world.
 Types:
 Internet privacy
 Financial privacy
 Medical privacy
 Locational privacy

 Types: Internet privacy
 reading of one’s email by third parties
 Tracking of users browser history by third parties.
 Collection, Storage and sharing of personal data
by some websites.

 Types: Financial privacy
 amount of assets held
 positions held in stocks and shares
 various purchases

 Types: Medical privacy
 A person not wish to disclose his/her medical records
due to various reasons.
 Informational – control over personal info.
 Physical – physical inaccessibility to others
 Psychological – respects patients cultural beliefs,
inner thoughts, values, feelings and religious
practices

 Types: Locational privacy
 knowing his/her mobility trace.
 competitor sales force
 attendance of a particular church
 presence in hotel

 Collection limitation
 Data quality
 Purpose specification
 use limitation
 Security safeguards
 Openness
 Individual Participation
 Accountability

 Collection limitation
 data should be obtained by lawful an fair
 Data quality
 data should be relevant to the purposes
 should be accurate, complete and up to date
 Purpose specification
 purpose of data collection should be specified
 use limitation
 should not be disclosed, made available or otherwise used
for purposes other than specified above.

Security safeguards
 against such risks as loss or unauthorized access,
destruction and modification
 Openness
 general policy of practices
 Individual Participation
 Accountability
 measures give effect to the principles stated.

IT6701-Information Management Unit 2

More Related Content

What's hot (20)

Similar to IT6701-Information Management Unit 2 (20)

More from SIMONTHOMAS S (20)

Recently uploaded (20)

IT6701-Information Management Unit 2